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© File-secure computer system. 

© A method for the secure storage and retrieval of 
data including the steps of placing a removable user 
access unit into a security access port operatively 
associated with a computer, generating a first string 
of symbols, generating a second string of symbols in 
the user access unit based on the first string of 
symbols, encrypting the data based on the second 
string of symbols to form an encrypted data block 
and storing the encrypted data block in a non- 
volatile memory. The method also includes, during 
data retrieval the steps of retrieving the stored en- 
crypted data from the non-volatile memory, regener- 
ating the first string of symbols, regenerating the 
second string of symbols in the user access unit and 
decrypting the encrypted data based the second 
string of symbols to form decrypted data. 



c 


[ ^-10 


un _ 


r 


era 


NT* m 
J flMBOL J FUffl 




SJDWGE 
COMROUiR 



(Fusr saw or sweets) 




STORAGE/ 



CDMJtOL NRD 



i 1 y« 

UBS? ^ 



FIG.1 



ID 
CM 
0> 

rs 

CO 

in 



CL 
IU 



Rank Xerox (UK) Business Services 

13. tO/3-5x/3.0. D 



1 



EP 0 537 925 A1 



2 



FIELD OF THE INVENTION 

This invention relates to computer systems and 
more particularly to security systems for comput- 
ers. 

BACKGROUND OF THE INVENTION 

For large computer systems with many users a 
number of methods have been developed for pro- 
tecting the system from invasion by unauthorized 
users and for protecting data transmitted by remote 
users from interception. For smaller PC systems 
generally only access control systems are avail- 
able. 

U.S. Patent 3,764,742 describes a cryptograph- 
ic credit card device which is inserted by a remote 
user of a central computer system into a reader 
when he wishes to log-on to the system. The credit 
card device is operative to generate an encrypt key 
when primed with a string of priming characters. 
The central computer has the algorithms used by 
all of the authorized users to generate their encrypt 
keys in its memory. In operation the user logs-on 
at the terminal by typing in a short string. The 
computer checks this log-on string with a listing in 
the central computer. If there is a match, the com- 
puter generates random priming characters which it 
sends to the remote terminal. Logic in the card 
generates an encrypt key based on the random 
priming characters. The operator enters a personal 
ID which the terminal encrypts with the encrypt key 
and sends to the central computer. The central 
computer utilizing the same algorithm as the card, 
decodes the encryption and compares the result 
with the proper ID. If the operator entered the 
correct ID, the operator can communicate with the 
central computer. In a secure communication 
mode, the central computer periodically generates 
a set of priming characters which are used by the 
terminal for encryption and by the central computer 
for decryption. The data is apparently stored in the 
central computer memory in "clear" form. 

Other U.S. Patents which provide for remote 
user identification and/or encryption of transmitted 
messages are U.S. Patents 3,806,874; 4,599.489; 
4,951,249; 4,800,590; 4,819,267 and 4,691,355. 

U.S. Patent 4,588,991 describes a system in 
which data is stored in encrypted form on the 
storage medium of the central computer. This pat- 
ent describes a system for enhancing security of 
the data by changing the encryption key when the 
system is accessed. 

Other well known systems utilize an electronic 
or mechanical key system to gain access to per- 
sonal or one-user systems. However, to protect 
computers from data theft users must use de- 
tachable units such as diskettes or Bernoulli disks, 



and store the units in a safe place after work hours. 

SUMMARY OF THE INVENTION 

5 The object of the present invention is to pro- 

vide a computer system in which security is not 
dependent solely on access to or the physical 
security of the stored data. Unlike previous sys- 
tems which depend on limiting access to the com- 
w puter or on encrypting information using codes 
which are also physically available in the computer 
and/or to persons other than the user, the system 
of the present invention protects the data by stor- 
ing the data in encrypted form using an encryption 
is key which is present only in a removable user 
access unit in the sole possession of the user. 

Thus a number, of users can have access to 
the same data files but only the user who actually 
entered the information in the file can read the file. 
20 In a prefened optional embodiment of the sys- 

tem the allocation files of the system are also 
encrypted using the card and access to the system 
is thus limited to holders of the user access unit or 
a clone of the user access unit. 
25 The system can be used as a stand alone 
protection system or is preferably used in conjunc- 
tion with other available user access 
identification/restriction systems. Thus the user ac- 
cess unit can have additional terminals which sup- 
30 ply user identification information which are re- 
quired for access to the system and which may be 
used by users having different user access units. 

There is therefore provided, in a prefened em- 
bodiment of the invention, a method for the secure 
35 storage and retrieval of data including the steps of, 
placing a removable user access unit into a secu- 
rity access port operatively associated with a com- 
puter, generating a first string of symbols in the 
computer, generating a second string of symbols in 
40 the user access unit based on the first string of 
symbols, encrypting the data based the second 
string of symbols to form an encrypted data block 
and storing the encrypted data block in a non- 
volatile memory. 
45 In a preferred embodiment of the invention the 

first string of symbols is generated in the com- 
puter. In an alternative preferred embodiment of 
the invention the first string of symbols is gen- 
erated in the user access unit, 
so In a preferred embodiment of the invention the 
method includes the step of storing the first string 
of symbols together with the data block in the non- 
volatile memory. 

Preferably the step of generating the first string 
55 of symbols includes the step of generating a ran- 
dom string of symbols. In an alternative preferred 
embodiment of the invention the step of generating 
the first string of symbols includes determining the 
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address at which the encrypted data is to be 
stored. Generally, when the first string of symbols 
is based on the address, the first string of symbols 
need not be stored with the data block. 

Preferably the step of generating the second 
string of symbols from the first string utilizes a one- 
way hashing function. 

In a preferred embodiment of the invention the 
method also includes the steps of retrieving the 
stored encrypted data from the non-volatile mem- 
ory, transmitting the first string of symbols to the 
user access unit, regenerating the second string of 
symbols in the user access unit and decrypting the 
encrypted data based on the second string of sym- 
bols to form decrypted data. 

There is further provided, in accordance with a 
preferred embodiment of the invention, apparatus 
for secure storage of data including a terminal, a 
security access port operatively associated with the 
terminal adapted to receive a user access unit, 
seed generating means for generating a first string 
of symbols, control word generating means for 
generating a second string of symbols in the user 
access unit based on the first string of symbols, 
encrypting means for encrypting the data based on 
the second string of symbols to form an encrypted 
data block, a non-volatile memory and storage 
means for storing the encrypted data block in the 
non-volatile memory. 

In a preferred embodiment of the invention, 
scrambling words based on the second string of 
symbols are utilized to form the encrypted data 
block and for decrypting the encrypted data. 

In a preferred embodiment of the invention the 
seed generating means includes means for deriv- 
ing the first string of symbols from the address of 
the encrypted data block in the non-volatile mem- 
ory. In an alternative preferred embodiment the 
seed generating means includes an essentially ran- 
dom symbol generator, wherein the first string of 
symbols is derived from the output of the essen- 
tially random symbol generator. 

Preferably, the apparatus for secure storage 
includes means for storing the first string of sym- 
bols together with the encrypted data Generally, 
when the first string of symbols is based on the 
address, the first string of symbols need not be 
stored with the data block. 

In a preferred embodiment of the invention the 
apparatus for secure storage includes retrieving 
means for retrieving the stored encrypted data 
from the non-volatile memory, regenerating means 
for re-generating the first string of symbols, means 
for applying the first string of symbols to the word 
generating means and for receiving therefrom a 
regenerated second string of symbols, and decryp- 
ting means for decrypting the encrypted data 
based on the second string of symbols to form 



decrypted data. 

There is further provided, in accordance with a 
preferred embodiment of the invention a computer 
system including a terminal, a security access port 

s operatively associated with the terminal adapted to 
receive a user access unit, a non-volatile memory 
containing stored encrypted data, means for re- 
trieving the stored encrypted data from the non- 
volatile memory, seed generating means for gen- 

to erating a first string of symbols, control word gen- 
erating means for generating a second string of 
symbols in the user access unit based on the first 
string of symbols, decrypting means for decrypting 
the encrypted data based on the second string of 

15 symbols to form decrypted data 

In one preferred embodiment of the invention 
the allocation table is encrypted by the encryption 
method of the invention, in an alternate preferred 
embodiment of the invention only the data is en- 

20 crypted and the allocation table is not encrypted by 
the system of the invention. In this alternative em- 
bodiment the system preferably includes conven- 
tional access controls or conventional encryption 
for the allocation table. 

25 In a preferred embodiment of the invention the 
decrypting means includes means for generating 
scrambling words based on the second string of 
symbols and means for decrypting the encrypted 
data with the scrambling words to form the decryp- 

30 ted data. Preferably the means for generating in- 
cludes a pseudo-random binary number generator. 

BRIEF DESCRIPTION OF THE DRAWINGS 

35 The invention can be better understood by the 
following, non-limiting, detailed description of the 
preferred embodiments of the invention described 
in conjunction with the accompanying drawings in 
which: 

40 Fig. t is a block diagram of a computer system 
in accordance with a preferred embodiment of 
the invention; 

Rg. 2 is a block diagram of a preferred embodi- 
ment of the data filter of the apparatus of Fig. 1; 

45 Rg. 3 is a block diagram of a preferred embodi- 
ment of the seed generator of the apparatus of 
Rg. 2 using a random seed; 
Rg. 4 is a block diagram of an alternate pre- 
ferred embodiment of the seed generator of the 

60 apparatus of Rg. 2 using the data address as 
the seed; 

Rg. 5 is a block diagram of a preferred embodi- 
ment of the pseudo-random binary number gen- 
erator of the apparatus of Rg. 2; 
55 Rg. 6 is a block diagram of a preferred embodi- 
ment of the scrambler/descrambler module of 
the apparatus of Rg 2; and 
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PRBNG can be as large as 2 n . 

Referring now to Fig. 6 the scrambling word is 
exclusive-ored with the encrypted/unencrypted 
data, in scrambler/descrambler 26, by exclusive-or 
gates 38 to form decrypted/encrypted data as the 
case may be. 

it is thus seen that, so long as the algorithm 
used by user access unit 20 to generate the control 
word is not known, the encrypted data is safe from 
reading or deliberate modification. While the data 
can be tampered with, any such tampering will be 
destructive, since the changes will not be encryp- 
ted according to the same scrambling word as the 
rest of the data. In order to avoid any such destruc- 
tion of data, suitable access controls as are known 
in the art are preferably used as an adjunct to the 
system of the present invention. Alternatively or 
additionally, the allocation table can be encrypted 
using the same system as the data. In such a 
system access to the disk as a whole will be 
denied to any user who does not have the user 
access unit. 

Figure 7 shows a block diagram of a preferred 
embodiment of user access unit 20. The unit com- 
prises a shift register 40 which receives the seed 
and passes it on to hashing function operator 42, 
which subjects the seed to a one-way hashing 
function whose parameters are set by the user and 
buried in the hashing function operator in such a 
way that it is not possible to read them back. The 
resulting hashed seed is passed to a shift register 
44 for transfer to the filter. 

Also included in user access unit 20, but not 
shown in Fig. 7 are a one time initializing mecha- 
nism for entering user parameters and a protection 
mechanism, which prevents the reading or modi- 
fication of the parameters. The hashing function 
operator may use programmable logic device tech- 
nology or any other suitable technology. 

In an alternative preferred embodiment of the 
invention either or both of random noise generator 
28 and PRBNG 24 are included as pal of user 
access unit 20 rather than as part of the computer. 

No one except the user knows the parameters 
of the hashing function. Nor does the user have to 
remember the parameters, since they are con- 
tained in the user access unit. An unauthorized 
user of the system will not have physical access to 
the user access unit and therefore cannot generate 
the proper control words required to read the en- 
crypted files. 

Unlike existing systems in which the algorithm 
used by the user for encoding is contained in the 
central computer, the present system has all the 
user specific information in removable user access 
unit 20. Thus even if the data itself is compromised 
by a physical or electronic break-in of the com- 
puter, the encrypted data will be safe from reading 



or modification. 

The present invention is not limited by the 
particular embodiments disclosed but includes var- 
ious changes and modifications which may be 
5 made without departing from the spirit and scope 
of the invention as defined in the following claims: 

Claims 

w 1. A method for the secure storage and retrieval 
of data including the steps of: 

placing a removable user access unit into 
a security access port operatively associated 
with the computer; 
is generating a first string of symbols; 

generating a second string of symbols in 
the user access unit based on the first string of 
symbols; 

encrypting the data based on the second 
20 string of symbols to form an encrypted data 

block; and 

storing the encrypted data block in a non- 
volatile memory. 

25 2. A method according to claim 1 wherein the 
first string of symbols is generated in the com- 
puter and transmitted to the user access unit 

3- A method according to claim 1 wherein the 
30 first string of symbols is generated in the user 

access unit. 

4. A method according to any of the preceding 
claims and including the step of storing the 
35 first string of symbols together with the data 

block in the non-volatile memory. 

5- A method according to any of the preceding 
claims wherein the step of generating the first 
40 string of symbols includes the step of generat- 
ing a random string of symbols. 

6. A method according to claim 1 wherein the 
step of generating the first string of symbols 

45 includes determining the address at which the 

encrypted data is stored. 

7. A method according to any of the preceding 
claims wherein the step of generating the see- 
so ond string of symbols from the first string 

includes utilizing a one-way hashing function. 

8- A method according to any of the preceding 
claims wherein the step of encrypting the data 
55 includes the step of generating a string of 
words from the second string of symbols and 
encrypting the data with the second string of 
words. 
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9. A method according to any of the preceding 
claims and including the steps of: 

retrieving the stored encrypted data from 
the non-volatile memory; 

regenerating the first string of symbols; 

regenerating the second string of symbols 
in the user access unit; and 

decrypting the encrypted data based the 
second string of symbols to form decrypted 
data. 

10. A method for the retrieval of stored encrypted 
data including the steps of: 

retrieving stored encrypted data from a 
non-volatile memory; 

generating a first string of symbols; 

generating a second string of symbols in 
user access unit based on the first string of 
symbols; and 

decrypting the encrypted data utilizing the 
second string of symbols to form decrypted 
data. 

11. A method according to claim 9 or claim 10 
wherein the step of decrypting includes the 
step of generating a string of words from the 
second string of symbols and decrypting the 
encrypted data with the string of words. 

12. Apparatus for secure storage of data compris- 
ing: 

a terminal; 

a security access port operatively asso- 
ciated with the terminal adapted to receive a 
user access unit; 

seed generating means for generating a 
first string of symbols; 

word generating means for generating a 
second string of symbols in the user access 
unit based on the first string of symbols; 

encrypting means for encrypting the data 
based on the second string of symbols to form 
an encrypted data block; 

a non-volatile memory; and 

storage means for storing the encrypted 
data block in the non-volatile memory. 

1a Apparatus according to claim 12 wherein the 
seed generating means includes means for 
deriving the first string of symbols from the 
address of the encrypted data block in the 
non-volatile memory. 

14. Apparatus according to claim 12 wherein the 
seed generating means includes an essentially 
random symbol generator, wherein the first 
string of symbols is derived from the output of 
the essentially random symbol generator. 



15. Apparatus according to any of claims 12-14 
and including means for storing the first string 
of symbols together with the encrypted data. 

s 16. Apparatus according to any of claims 12-15 
wherein the encrypting means includes means 
for generating a string of words from the sec- 
ond string of symbols and for encrypting the 
data with the string of words. 

70 

17. Apparatus according to claim 16 wherein the 
means for generating includes a pseudo-ran- 
dom binary number generator. 

is 18. Apparatus according to any of claims 12-17 
and including: 

retrieving means for retrieving the stored 
encrypted data from the non-volatile memory; 
regenerating means for re-generating the 
20 first string of symbols; 

means for applying the first string of sym- 
bols to the word generating means and for 
receiving therefrom a regenerated second 
string of symbols; and 
as decrypting means for decrypting the en- 

crypted data based on the second string of 
symbols to form decrypted data. 

19. A computer system comprising: 
30 a terminal; 

a security access port operatively asso- 
ciated with the terminal adapted to receive a 
user access unit; 

a non-volatile memory containing stored 
35 encrypted data; 

means for retrieving the stored encrypted 
data from the non-volatile memory; 

seed generating means for generating a 
first string of symbols; . 
40 word generating means for generating a 

second string of symbols in the user access 
unit based on the first string of symbols; and 

means for decrypting the encrypted data 
based on the second string of symbols to form 
45 decrypted data. 

20. Apparatus according to claim 19 wherein the 
means for decrypting includes means for gen- 
erating a string of words from the second 

so string of symbols and for decrypting the en- 
crypted data with the string of words. 

21. Apparatus according to claim 20 wherein the 
means for generating includes a pseudo-ran- 

55 dom binary number generator. 
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